State of S/MIME support (emacs)

State of S/MIME support (emacs)

[Neale Pickett]

I just set up notmuch an hour ago and it seems like exactly what I need
to better perform my project management job. Except I get a lot of
S/MIME stuff.

Web searching tells me there have been various attempts for S/MIME
support. Before I dive into code, I thought I should ask if anybody else
has been playing around with S/MIME, either in the command-line tools or
in the emacs client. Specifically, I need to be able to decrypt S/MIME
encrypted email.

I'll refrain from expounding on how I *feel* about needing S/MIME.

-- 
Neale Pickett <neale@lanl.gov>

Re: State of S/MIME support (emacs)

[David Bremner]

[-- Attachment #1: Type: text/plain, Size: 1127 bytes --]

Neale Pickett <neale@lanl.gov> writes:

> I just set up notmuch an hour ago and it seems like exactly what I need
> to better perform my project management job. Except I get a lot of
> S/MIME stuff.
>
> Web searching tells me there have been various attempts for S/MIME
> support. Before I dive into code, I thought I should ask if anybody else
> has been playing around with S/MIME, either in the command-line tools or
> in the emacs client. Specifically, I need to be able to decrypt S/MIME
> encrypted email.
>
> I'll refrain from expounding on how I *feel* about needing S/MIME.

The wall I hit when I was working on it was that libgmime does not
(correctly) support S/MIME encryption/decryption. So that's why the
command line tools only support signature verification and not
decryption.  The "good of humanity" solution (assuming you don't think
that is eradication of S/MIME) would be to add this support to
libgmime. I think upstream would take the patches, but didn't sound like
it was likely to happen without external contribution. The "dirty hack"
solution would be to use gpgsm or openssl directly from emacs.

d

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 647 bytes --]

Re: State of S/MIME support (emacs)

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 849 bytes --]

On Thu 2016-09-01 15:32:07 -0400, Neale Pickett wrote:
> I just set up notmuch an hour ago and it seems like exactly what I need
> to better perform my project management job. Except I get a lot of
> S/MIME stuff.
>
> Web searching tells me there have been various attempts for S/MIME
> support. Before I dive into code, I thought I should ask if anybody else
> has been playing around with S/MIME, either in the command-line tools or
> in the emacs client. Specifically, I need to be able to decrypt S/MIME
> encrypted email.
>
> I'll refrain from expounding on how I *feel* about needing S/MIME.

Are you looking at S/MIME encrypted mail or just S/MIME signed mail?
there should be support for S/MIME signed mail already.  as bremner
says, it's the encrpytion layers that need work, and probably need the
work in gmime directly first.

     --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 930 bytes --]

Re: State of S/MIME support (emacs)

[Neale Pickett]

David Bremner <david@tethera.net> writes:

> The wall I hit when I was working on it was that libgmime does not
> (correctly) support S/MIME encryption/decryption. So that's why the
> command line tools only support signature verification and not
> decryption.  The "good of humanity" solution (assuming you don't think
> that is eradication of S/MIME) would be to add this support to
> libgmime. I think upstream would take the patches, but didn't sound like
> it was likely to happen without external contribution. The "dirty hack"
> solution would be to use gpgsm or openssl directly from emacs.

Okay, I'll work on libgmime in my spare time, if I ever get any of that
again. You may find yourself getting a dirty hack. Please don't judge.



Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> Are you looking at S/MIME encrypted mail or just S/MIME signed mail?
> there should be support for S/MIME signed mail already.  as bremner
> says, it's the encrpytion layers that need work, and probably need the
> work in gmime directly first.

Encrypted, unfortunately.

----

While I'm sending an email to an archived mail list, I'll throw in this
function I just whipped out for S/MIME encrypting for all
recipients. There are a couple of very confusing suggestions for doing
this on the Emacswiki (which I will amend, someday). This one runs
interactively and encrypts to all recipients, if you have LDAP.


(defun neale/smime-encrypt ()
  "S/MIME encrypt to all recipients and yourself.

Looks up everybody in LDAP to get their key first.
"
  (interactive)
  (mml-unsecure-message)
  (let* ((recips (mm-delete-duplicates (split-string (message-options-set-recipient) ", ")))
	 (mycertbuf (smime-cert-by-ldap user-mail-address))
	 (certbufs (mapcar 'smime-cert-by-ldap recips))
	 (tags '()))
    (dolist (certbuf certbufs)
      (setq tags (cons (buffer-name certbuf) tags))
      (setq tags (cons 'certfile tags)))
    (save-excursion
      (goto-char (point-min))
      (cond ((re-search-forward
	      (concat "^" (regexp-quote mail-header-separator) "\n") nil t)
	     (goto-char (setq insert-loc (match-end 0)))
	     (unless (looking-at "<#secure")
	       (apply 'mml-insert-tag
		      'secure
		      'method "smime"
		      'mode "encrypt"
		      'certfile (buffer-name mycertbuf)
		      tags)))))))



-- 
Neale Pickett <neale@lanl.gov>